The trusted innovator
The technology race is not without pitfalls. In order to combine rapid product development with a high integrity reputation, Panasonic launched one of the world’s largest information security management projects.
Panasonic’s founder Konosuke Matsushita learned the value of knowledge the hard way. Without capital, a formal education and manufacturing experience, he challenged the established electrical companies in the early 20th century. Setting up a small business with his family, he personally invented and developed a series of innovative products, like the two-way power socket and a long lasting bicycle lamp. Facing bankruptcy several times, Matsushita’s determination to improve the life of his fellow citizens always succeeded however, and the business ultimately grew to become one of the world’s largest manufacturers of electrical products.
“The philosophy of our founder is still deeply rooted in our actions. We call it our corporate conscience. Panasonic exists to increase the well-being of people and contribute to society, since the company itself is entrusted to us by the public. In order to act on this philosophy, we must continually improve as an organisation and maintain high ethical standards. Gaining new insight and sharing knowledge is the road to success, but the information must be handled correctly, both within Panasonic and the parties involved in our business,” explains Ms Keiko Kaneko, Director of Panasonic’s Corporate Information Security Division.
Complex organisation
Panasonic is a truly massive organisation with around 300,000 employees in 540 companies. The organisation is divided into independent business domains that are producing everything from digital AVC (Audio Visual Communication) products, home appliances, components and devices to industrial robots. Each domain has its own research and development, production, and sales functions.
The nature of Panasonic’s business requires the organisation to handle a huge flow of sensitive information, like personal data from customers, confidential research results and trading information from Panasonic’s supply chain partners.
“We cannot risk that information is leaked or misused, and we aim to sustain a high level of customer confidence and improve our market position by ensuring our reliability. Therefore, we launched a global security programme in order to further strengthen our information management, increase awareness among employees and communicate to our stakeholders that we put high value on information security,” emphasises Ms Kaneko.
Comprehensive project
Panasonic developed a uniform global information security policy covering everything from documents and digital information to storage devices and human know-how. A set of legal, technical and physical security measures and tools were established for all Panasonic staff, local rules and guidelines were developed and adapted to the regional markets, and a broad awareness program for employees provided in 15 languages. The central management actively promoted the new policy, regional chief information security officers were appointed to promote information security locally and Panasonic trained internal auditors all over the world.
“We now have more than hundred persons responsible for promoting information security internally,” says Ms Kaneko.
From internal assessments to ISO 27001
The information security staff conducted internal assessments all over the world. Several adjustments were made based on the findings. In 2007, Panasonic started the process to obtain global certificates to the ISO 27001 Information Security Management System standard, initiated by Panasonic Automotive Systems. This domain company has several subsidiaries located in China, Asia, Europe and North America and made a great effort to successfully obtain one global ISO 27001 certificate for all subsidiaries simultaneously. Several other domain companies are now in the process of obtaining their certificate, supported by DNV.
“We needed a partner with a broad global presence who knew the local markets. But most importantly, we felt that DNV shares many of our core values,” says Ms Kaneko.
25 business domains with about 95,000 employees are so far certified to ISO 27001 in Japan, and seven business domains with around 50,000 employees have obtained the global certificate in other regions.
The idea of a group audit originated in order to make the certification process more efficient. Panasonic entered a project with DNV to provide one global certificate for the entire Panasonic Group, in joint cooperation with the Japanese certification body JACO-IS.
Information security culture
“The information security management system makes it possible to swiftly respond to any incident that occurs, regardless of location. We have established a culture that does not conceal security issues, but actively works to improve information safety and report incidents. Our personnel are dedicated and I am very pleased with their contribution to our overall information security. Due to our employees’ efforts, we can continue to show our customers and partners that we deserve their trust,” says Ms Kaneko.